CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/06 12:19 p.m.•2 views

CVE-2018-25173 Rmedia SMS 1.0 SQL Injection via editgrp.php

8.8CVSS5.9AI score0.00237EPSS

CVE•added 2026/03/06 12:19 p.m.•7 views

CVE-2018-25173

Rmedia SMS 1.0 contains an unauthenticated SQL injection via the gid parameter in editgrp.php. An attacker can issue crafted GET requests using EXTRACTVALUE and CONCAT to retrieve schema names and sensitive database data. The vulnerability’s CVSS scores indicate a high-risk impact (CVSS 3.1: 8.2;...

8.8CVSS5.9AI score0.00237EPSS

Cvelist•added 2026/03/06 12:19 p.m.•28 views

CVE-2018-25172 Pedidos 1.0 SQL Injection via load_proveedores.php

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to the ajax/loadproveedores.php endpoint with crafted SQL payloads to extract sensitive...

8.8CVSS0.00293EPSS

ATTACKERKB•added 2026/03/06 12:19 p.m.•2 views

CVE-2018-25172

8.8CVSS6.1AI score0.00293EPSS

CVE•added 2026/03/06 12:19 p.m.•10 views

CVE-2018-25172

Pedidos 1.0 contains an SQL injection in the unauthenticated endpoint ajax/load_proveedores.php via the q parameter. Attackers can send crafted GET requests to retrieve sensitive data, including database schema names and table structures. The vulnerability is rated high (CVSS 3.1: 8.2; CVSS 4.0: ...

8.8CVSS6.1AI score0.00293EPSS

CVE•added 2026/03/06 12:19 p.m.•10 views

CVE-2018-25171

EdTv 2 contains an SQL injection vulnerability exploitable by unauthenticated attackers via the id parameter in GET requests to admin/edit_source, enabling extraction of database information (schemas, credentials, version). The issue is triggered by crafted SQL UNION statements. Public references...

8.8CVSS6.1AI score0.00281EPSS

Cvelist•added 2026/03/06 12:19 p.m.•29 views

CVE-2018-25171 EdTv 2 SQL Injection via id Parameter

EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/editsource endpoint with crafted SQL UNION statements to extract database...

8.8CVSS0.00281EPSS

Vulnrichment•added 2026/03/06 12:19 p.m.•1 views

CVE-2018-25170 DoceboLMS 1.2 SQL Injection via lesson.php

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...

8.8CVSS5.9AI score0.00134EPSS

CVE•added 2026/03/06 12:19 p.m.•10 views

CVE-2018-25170

CVE-2018-25170 affects DoceboLMS 1.2. An SQL injection enables unauthenticated attackers to manipulate queries by injecting SQL through lesson.php parameters id, idC, and idU via GET requests to retrieve sensitive data. The connected sources confirm the vulnerability and affected workflow but do ...

8.8CVSS5.9AI score0.00134EPSS

ATTACKERKB•added 2026/03/06 12:18 p.m.•3 views

CVE-2018-25167

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

Vulnrichment•added 2026/03/06 12:18 p.m.•5 views

CVE-2018-25166 Meneame English Pligg 5.8 SQL Injection via search Parameter

Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to...

ATTACKERKB•added 2026/03/06 12:18 p.m.•3 views

CVE-2018-25166

CVE•added 2026/03/06 12:18 p.m.•9 views

CVE-2018-25167

Net-Billetterie 2.9 contains an SQL injection in login.inc.php via the login POST parameter, enabling unauthenticated access to extract credentials (usernames, passwords, system credentials). Affected: Net-Billetterie 2.9, login.inc.php. Impact: confidentiality loss; CVSS v3.1 base 8.2 / v4 base ...

CVE•added 2026/03/06 12:18 p.m.•8 views

CVE-2018-25166

Meneame English Pligg 5.8 contains an SQL injection via the search parameter that allows unauthenticated attackers to execute arbitrary SQL through index.php, enabling retrieval of sensitive data such as usernames, database names and version details. The vulnerability is triggered by crafted SQL ...

Cvelist•added 2026/03/06 12:18 p.m.•24 views

CVE-2018-25165 Galaxy Forces MMORPG 0.5.8 SQL Injection via ads.php

Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract...

7.1CVSS0.00235EPSS

ATTACKERKB•added 2026/03/06 12:18 p.m.•2 views

CVE-2018-25165

7.1CVSS6.1AI score0.00235EPSS

Vulnrichment•added 2026/03/06 12:18 p.m.•4 views

CVE-2018-25164 EverSync 0.5 Arbitrary File Download via files Directory

EverSync 0.5 contains an arbitrary file download vulnerability that allows unauthenticated attackers to access sensitive files by requesting them directly from the files directory. Attackers can send GET requests to the files directory to download database files like db.sq3 containing application...

8.7CVSS5.9AI score0.00266EPSS

ATTACKERKB•added 2026/03/06 12:18 p.m.•2 views

CVE-2018-25164

8.7CVSS5.9AI score0.00266EPSS

Cvelist•added 2026/03/06 12:18 p.m.•28 views

CVE-2018-25164 EverSync 0.5 Arbitrary File Download via files Directory

8.7CVSS0.00266EPSS